Ted
One of my clients has a Win2k server, it is a
webserver running IIS and that is all. It is sitting in
a DMZ and it has been hacked recently with numerous
trojans and viruses.
I was able to apply SP4 but I wasn't able to finish the
windows update, most notably the DCOM & Blaster updates.
When I do the windows update the download is fine, except
when it goes to install it I get a dialogue that
says "Setup cannot copy the file netbt.sys, ensure that
the location specified below is correct or change it and
insert "Unknown" in the drive you specify"
And then it gives me a dialogue with a path to ask where
the files are located.
I know that I have cleaned all of the trojans & viruses.
I have a port sniffer that is looking at all traffic. I
did also notice that the customer had the C drive shared
at the root, so I removed this share. Can anyone help
me with this issue?
Also, I don't see any attempts to run cmd.exe from the IIS
& FTP logs, could they have been coming through the file
share? If so, is there a log to let me know what was copied
to the system32 directory and when?
Thanks in advance
Ted